
Research on Malicious Code Detection and Evaluation Based on Behavior Analysis

Published: 2018-03-10 05:26

Topic: malicious code. Entry point: automated analysis. Source: Beijing Jiaotong University, 2014 master's thesis. Thesis type: degree thesis.


[Abstract]: With the occurrence of a series of major cyber-security incidents that shocked the world, such as Stuxnet and the Flame virus, information security has risen to the level of national strategy. In this context, China also faces a serious threat of malicious network attacks from hostile forces. Among the many threats to information and network security, malicious code is undoubtedly the most harmful, and it has become the focus of network security research; work on malicious code proceeds from many angles. This thesis focuses on malicious code behavior analysis techniques and threat evaluation.

At present, domestic anti-virus vendors concentrate mostly on application-level products and devote relatively little effort to basic research; foreign vendors have relatively mature malicious code detection technology, but for commercial reasons it is difficult to obtain the details from public sources. A survey of several online malicious code analysis sandboxes shows that most of them focus on displaying the malicious behavior and family classification of a sample; their reports are hard to read and lack a threat assessment, even though malicious code threat assessment is an important part of information security risk assessment. The goal of this thesis is therefore to build a malicious code detection platform with an automated analysis process, a robust analysis environment and comprehensive results, which ultimately produces an integrated report covering the function, behavior and threat degree of the malicious code.

First, on the basis of a survey of detection techniques and evaluation methods, the malicious code itself is studied in depth: virus behavior is examined and the characteristics of malicious code are summarized, including file structure, string features, host behavior features (process behavior, registry behavior and file behavior) and network behavior. Then a threat degree evaluation model based on behavior analysis is established: a method for computing the basic harm value of a malicious behavior from mutual information is proposed, and, following the analytic hierarchy process (AHP), the weight of each indicator is computed from a feature matrix. On this basis, an automated analysis system for behavior-based malicious code detection and evaluation is designed and implemented; it consists of three functional modules (data preprocessing, virtual machine execution and comprehensive evaluation) and two data modules (the behavior indicator system and the weight database). Finally, the effectiveness of the automated analysis system and the soundness of the evaluation scheme and its implementation are tested, and its reports are compared with those of several domestic and foreign detection platforms. The experimental results show that the system designed and developed here achieves the intended goals.
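The weighting and harm-value scheme described above, as an added illustration that is not the thesis's own code (its exact formulas and data are not on this page): AHP weights are derived from a constructed pairwise-comparison matrix over four behavior indicators, each indicator's harm value is its mutual information with a constructed malicious/benign label, and the threat degree is the weighted sum. The sandbox observations, indicator names and pairwise judgements are all constructed assumptions.

```python
import math
from itertools import product

# Constructed sample: 8 sandbox runs, label 1 = malicious, 0 = benign (assumed data).
LABELS = [1, 1, 1, 1, 0, 0, 0, 0]
# Four behavior indicators (process, registry, file, network), one 0/1 observation per run.
INDICATORS = {
    "process_injects":  [1, 1, 1, 1, 0, 0, 0, 0],  # seen only in malicious runs
    "registry_autorun": [1, 0, 1, 0, 1, 0, 1, 0],  # unrelated to the label
    "file_drops_exe":   [1, 1, 1, 0, 0, 0, 0, 1],  # partly correlated
    "net_connects_out": [1, 1, 1, 1, 0, 0, 0, 0],
}
# Constructed pairwise judgements a_ij = w_i / w_j for weights 4:3:2:1 (consistent by design).
PAIRWISE = [[1, 4/3, 2, 4], [3/4, 1, 3/2, 3], [1/2, 2/3, 1, 2], [1/4, 1/3, 1/2, 1]]

def mutual_information(x, y):
    """I(X;Y) in bits for two equal-length 0/1 sequences; used as the basic harm value."""
    n = len(x)
    px = {v: x.count(v) / n for v in (0, 1)}
    py = {v: y.count(v) / n for v in (0, 1)}
    mi = 0.0
    for a, b in product((0, 1), (0, 1)):
        pxy = sum(1 for xi, yi in zip(x, y) if xi == a and yi == b) / n
        if pxy > 0:  # zero cells contribute nothing
            mi += pxy * math.log2(pxy / (px[a] * py[b]))
    return mi

def ahp_weights(matrix):
    """AHP weights by the row geometric-mean method, plus Saaty's consistency ratio."""
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    w = [g / sum(gm) for g in gm]
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam_max = sum(aw[i] / w[i] for i in range(n)) / n   # principal eigenvalue estimate
    random_index = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}[n]
    cr = 0.0 if random_index == 0 else ((lam_max - n) / (n - 1)) / random_index
    return w, cr

def threat_degree():
    """Weighted sum of per-indicator harm values; CR > 0.1 would mean inconsistent judgements."""
    names = list(INDICATORS)
    weights, cr = ahp_weights(PAIRWISE)
    harm = {k: mutual_information(v, LABELS) for k, v in INDICATORS.items()}
    score = sum(weights[i] * harm[names[i]] for i in range(len(names)))
    return score, harm, weights, cr
```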
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master
[Year of degree]: 2014
[Classification number]: TP393.08




Article ID: 1591974


Link to this article: http://sikaile.net/guanlilunwen/ydhl/1591974.html

